CVE-2023-3550 Information
Sep 26, 2023
cve
Description
Mediawiki v1.40.0 does not validate namespaces used in XML files.
Therefore if the instance administrator allows XML file uploads
a remote attacker with a low-privileged user account can use this
exploit to become an administrator by sending a malicious link to
the instance administrator.
Reference
https://www.mediawiki.org/wiki/MediaWiki/ https://fluidattacks.com/advisories/blondie/
Share on: